daily pastebin goal
36%
SHARE
TWEET

Untitled

a guest May 23rd, 2018 63 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Embedded file name: /app/sqli_lv1/content/app/sql/views.py
  2. from flask import render_template, request, flash, current_app, send_file
  3. from ..app import db
  4. from . import sql
  5. from .models import Darkside, Lightside
  6. from hashlib import sha256
  7. import re
  8. import sqlite3
  9.  
  10. @sql.before_app_first_request
  11. def init_app():
  12.     if db.session.query(Lightside).count() == 2:
  13.         return
  14.     realJEDI = Lightside(username=current_app.config['USER'], password=sha256(current_app.config['PASSWD']).hexdigest())
  15.     jedi = Lightside(username=current_app.config['USER'], password=sha256(current_app.config['USER']).hexdigest())
  16.     stormtrooper = Darkside(username='stormtrooper', password=sha256('stormtrooper').hexdigest())
  17.     db.session.add(stormtrooper)
  18.     db.session.add(jedi)
  19.     db.session.add(realJEDI)
  20.     db.session.commit()
  21.  
  22.  
  23. @sql.route('/', methods=['GET'])
  24. def index():
  25.     return render_template('login.html')
  26.  
  27.  
  28. @sql.route('/pyc', methods=['GET'])
  29. def pyc():
  30.     return send_file(__file__)
  31.  
  32.  
  33. @sql.route('/login', methods=['GET'])
  34. def login():
  35.     username = request.args.get('username', '')
  36.     password = request.args.get('password', '')
  37.     side = request.args.get('side', '')
  38.     if username == '':
  39.         flash('Please enter a username')
  40.         return render_template('login.html')
  41.     elif password == '':
  42.         flash('Please enter a password')
  43.         return render_template('login.html')
  44.     elif side == '':
  45.         flash('Please select a side')
  46.         return render_template('login.html')
  47.     else:
  48.         con = sqlite3.connect('app/sqli_lv1.sqlite')
  49.         con.row_factory = sqlite3.Row
  50.         cur = con.cursor()
  51.         try:
  52.             query = " SELECT username\n                        FROM `%s`\n                        WHERE username='%s' LIMIT 1" % (sql_filter(side), sql_filter(username))
  53.             cur.execute(query)
  54.             result = cur.fetchone()
  55.             if result != None:
  56.                 query = " SELECT *\n                            FROM `%s`\n                            WHERE password='%s' and username='%s' LIMIT 1" % (sql_filter(side), sha256(password).hexdigest(), sql_filter(username))
  57.                 cur.execute(query)
  58.             else:
  59.                 flash('That username did not exist!')
  60.                 return render_template('login.html')
  61.         except sqlite3.Error as e:
  62.             error_msg = xss_filter('error: {0}.'.format(e.args[0]))
  63.             query = xss_filter('query: {0}.'.format(query))
  64.             print '[+] sql error: ', e, query
  65.  
  66.         result = cur.fetchone()
  67.         if result == None:
  68.             flash('Invalid username/password')
  69.         elif result['username'] == current_app.config['USER'] and result['password'] == sha256(current_app.config['PASSWD']).hexdigest():
  70.             flash('Are you realJEDI? This is your lightsaber! {0}'.format(current_app.config['FLAG']))
  71.         else:
  72.             flash('Welcome back <b>{0}</b> ! Sorry, we are under construction!'.format(xss_filter(username)))
  73.         return render_template('login.html')
  74.  
  75.  
  76. def xss_filter(payload):
  77.     payload = payload.replace('<', '<').replace('>', '>')
  78.     return payload
  79.  
  80.  
  81. sql_blacklist = ['drop',
  82.  'my',
  83.  'heart',
  84.  'set',
  85.  'love',
  86.  '=',
  87.  'null',
  88.  'where',
  89.  'you',
  90.  'is',
  91.  'not',
  92.  'like',
  93.  'me',
  94.  'by',
  95.  'insert',
  96.  'limit',
  97.  'from',
  98.  '1',
  99.  '2',
  100.  '3',
  101.  '5',
  102.  ';']
  103.  
  104. def addslashes(s):
  105.     d = {'"': '\\"',
  106.      "'": "\\'",
  107.      '\x00': '\\\x00',
  108.      '\\': '\\\\'}
  109.     return ''.join((d.get(c, c) for c in s))
  110.  
  111.  
  112. def sql_filter(payload):
  113.     for badword in sql_blacklist:
  114.         regex = re.compile(re.escape(badword), re.I)
  115.         payload = regex.sub('***', payload)
  116.  
  117.     payload = addslashes(payload)
  118.     return payload
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top